Attended Harekaze Talk #1
Published 2018-06-03 at https://tech.akat.info/?p=2911

<p>I attended <a href="https://harekaze.connpass.com/event/87863/">Harekaze Talk #1 @ Microsoft Japan</a>. These are my notes from it.</p>
<h1>Office 365 and other paid security, and various topics - @hiww</h1>
<p>・If you use Office 365, you should use the <a href="https://technet.microsoft.com/ja-jp/library/exchange-online-advanced-threat-protection-service-description.aspx">Office 365 Advanced Threat Protection service</a>.<br />
  It is an easy way to improve email security.</p>
<h1>About EMAC - @chouett0</h1>
<h2>What is EMAC</h2>
<p>・Extreme Malware Analyzing Challenge (a coined term; it may change in the future)<br />
・The goal is to lower the barrier to entry for malware analysis<br />
・Start by building a community; ultimately it would be good to hold a competition</p>
<h2>Analysis example</h2>
<p>Identify the file with the file command<br />
→ It was an HTML file<br />
→ Search it for URLs (http, https)<br />
→ Investigate them using whois and aguse.jp<br />
→ There were two destinations: China and Los Angeles<br />
→ Accessing the Los Angeles server downloads malware<br />
→ Analyze the malware's behaviour with OllyDbg (for a binary, the strings command may be useful too)<br />
  Monitor network activity with Wireshark and process activity with Process Explorer and similar tools<br />
→ It appears to work together with Firefox to download further malware<br />
  It apparently checks the power settings and display size to decide whether it is running in a sandbox</p>
<h1>SCAP on Windows - @hogehuga</h1>
<p>・Security Content Automation Protocol<br />
  A set of specifications for automating and standardizing information security measures. It standardizes identifiers for products (CPE), identifiers for vulnerabilities (CVE),<br />
  identifiers for configuration settings (CCE), severity scoring for vulnerabilities (CVSS), a language for automated checks (OVAL),<br />
  a checklist format (XCCDF), and so on.<br />
  https://qiita.com/bezeklik/items/8bf7d0ccf5cf916d778c<br />
・With CVSS, you have to look at the vector and not just the score (it tells you in more detail how easy the vulnerability is to attack and how dangerous it is)<br />
・Tried to get OpenSCAP running on Windows, but the compilation is not yet succeeding. (It has to be compiled because no binaries are distributed)<br />
・Most SCAP tools are for Linux; there are none for Windows.<br />
  Is it unnecessary because WSUS and Group Policy exist? However, applying security updates and having no vulnerabilities are separate matters.<br />
・The benefit of implementing SCAP is being able to manage Windows the same way as Linux. (Systems become comparable via CVSS and the like, so visibility improves)<br />
・A drawback of implementing SCAP is that even when the CVSS score is known, it does not tell you which KB update has not been applied.<br />
  OVALdi appears not to have been updated since 2014.</p>
<h1>Windows security mechanisms - @megumish</h1>
<p>※ Mainly a comparison with Linux.</p>
<p>・Because there are people who exploit software, it has to be kept secure.<br />
・Exploits work by rewriting memory or by making use of resources that are in memory.<br />
・Categories of attack techniques<br />
  ・XSS<br />
  ・SQL injection<br />
  ・Binary Exploitation<br />
    ・Shellcode Injection<br />
    ・Buffer Overflow<br />
    ・Return Oriented Programming<br />
    ・Heap Exploitation<br />
・Inspecting Windows memory with the VMMap tool (Sysinternals) shows the following differences from Linux (cat /proc/self/maps):<br />
  ・Whether the executable image comes first or last in the address space.<br />
  ・Heap memory is scattered. (On Linux it is gathered in one place)<br />
  ・Memory is allocated a little at a time. (Linux allocates it all at once)</p>
<h2>Security mechanisms</h2>
<p>・Full RELRO (probably a Linux topic)<br />
  When calling into an external binary, a table is used.<br />
  Exploits rewrite the function entries in that table to execute unexpected code.<br />
  So making the table read-only raises the security level.<br />
・DEP (Data Execution Prevention)<br />
  Prevents exploits by not granting execute permission to memory regions that do not need to be executable.<br />
・ASLR (Address Space Layout Randomization)<br />
  Randomly changes where binaries are placed at OS startup.<br />
・CFG<br />
  Checks whether an illegitimate function is being executed, preventing attacks such as ROP</p>
<h2>Summary</h2>
<p>・Memory management differs so much between Linux and Windows to begin with that both the ways of attacking and the ways of defending also differ.<br />
・Keep your systems updated!</p>